Configuring An Ethernet Frame Header Acl - HP 6125XLG Configuration Manual

Blade switch acl and qos configuration guide

Step 5. Create or edit a rule.

Command:
rule [ rule-id ] { deny | permit } protocol
  [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established }
  | counting
  | destination { dest-address dest-prefix | dest-address/dest-prefix | any }
  | destination-port operator port1 [ port2 ]
  | dscp dscp
  | flow-label flow-label-value
  | fragment
  | icmp6-type { icmp6-type icmp6-code | icmp6-message }
  | logging
  | routing [ type routing-type ]
  | hop-by-hop [ type hop-type ]
  | source { source-address source-prefix | source-address/source-prefix | any }
  | source-port operator port1 [ port2 ]
  | time-range time-range-name
  | vpn-instance vpn-instance-name ] *

Remarks:
By default, an IPv6 advanced ACL does not contain any rule.
The logging keyword takes effect only when the module (for example, packet filtering) that uses the ACL supports logging.
If an IPv6 advanced ACL is for QoS traffic classification:
- Do not specify the vpn-instance or fragment keyword.
- Do not specify neq for the operator argument.
If the ACL is for outbound QoS traffic classification:
- Do not specify the routing, hop-by-hop, or flow-label keyword.
- Do not specify ipv6-ah or ipv6-esp for the protocol argument, nor set its value to 0, 43, 44, 51, or 60.
If an IPv6 advanced ACL is for packet filtering:
- Do not specify the vpn-instance, routing, hop-by-hop, fragment, or flow-label keyword.
- Do not specify ipv6-ah or ipv6-esp for the protocol argument, nor set its value to 0, 43, 44, 51, or 60.
- Do not specify neq for the operator argument.
If an ACL is to match information in the IPv6 packet payload, it cannot match a packet with more than two extension headers or with the Encapsulating Security Payload Header.

Step 6. (Optional.) Add or edit a rule comment.

Command:
rule rule-id comment text

Remarks:
By default, no rule comments are configured.

Configuring an Ethernet frame header ACL

Ethernet frame header ACLs, also called "Layer 2 ACLs," match packets based on Layer 2 protocol header fields, such as source MAC address, destination MAC address, 802.1p priority (VLAN priority), and link layer protocol type.
To configure an Ethernet frame header ACL:
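The keyword, protocol and operator restrictions in the step 5 Remarks for IPv6 advanced ACL rules can be checked before a rule is applied to QoS classification or packet filtering. The following is an added example, not code from the HP manual: the usage labels (qos, qos-outbound, packet-filter), the function name lint_rule and the sample rules are assumptions made for illustration, and outbound QoS is assumed to inherit the general QoS limits.

```python
import re

# Limits transcribed from the step 5 Remarks for IPv6 advanced ACL rules.
# Assumption: outbound QoS classification also inherits the general QoS limits.
BAD_PROTO_NAMES = {"ipv6-ah", "ipv6-esp"}
BAD_PROTO_NUMS = {0, 43, 44, 51, 60}
EXT = {"routing", "hop-by-hop", "flow-label"}
USAGE = {  # usage label (hypothetical) -> (forbidden keywords, protocol limits apply)
    "qos": ({"vpn-instance", "fragment"}, False),
    "qos-outbound": ({"vpn-instance", "fragment"} | EXT, True),
    "packet-filter": ({"vpn-instance", "fragment"} | EXT, True),
}
RULE_RE = re.compile(r"^rule(?:\s+(\d+))?\s+(deny|permit)\s+(\S+)(.*)$")
NAME_ARGS = {"time-range", "vpn-instance"}  # next token is a free-form name


def lint_rule(line, usage):
    """Return the restriction violations for one 'rule' command line."""
    m = RULE_RE.match(line.strip().lower())
    if not m:
        return ["not a 'rule [ rule-id ] { deny | permit } protocol' line"]
    forbidden, proto_limited = USAGE[usage]
    protocol, tokens = m.group(3), m.group(4).split()
    problems = []
    if proto_limited and (protocol in BAD_PROTO_NAMES or
                          (protocol.isdigit() and int(protocol) in BAD_PROTO_NUMS)):
        problems.append(f"protocol {protocol} not allowed for {usage}")
    skip = False
    for i, tok in enumerate(tokens):
        if skip:            # a name such as a time range called "fragment"
            skip = False
            continue
        skip = tok in NAME_ARGS
        if tok in forbidden:
            problems.append(f"keyword {tok} not allowed for {usage}")
        # neq is barred in all three usages; the operator follows the port keyword.
        if tok in ("source-port", "destination-port") and tokens[i + 1:i + 2] == ["neq"]:
            problems.append(f"operator neq after {tok} not allowed for {usage}")
    return problems


# Constructed sample rules, not taken from the manual.
SAMPLES = [
    "rule 0 permit tcp source 2001:db8::/32 destination-port eq 443",
    "rule 5 deny udp source-port neq 53 fragment",
    "rule 10 permit 43 routing type 0 time-range fragment",
]

if __name__ == "__main__":
    for usage in USAGE:
        for rule in SAMPLES:
            print(usage, "|", rule, "->", lint_rule(rule, usage) or "ok")
```

The third sample passes the general QoS check but fails for outbound QoS and packet filtering, which is the case most easily missed when an ACL is reused across modules.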
